Saturday, June 17, 2017

Fluxion – Automated EvilAP Attack Tool

7:45 AM Leave a Reply
Fluxion – Automated EvilAP Attack Tool
Fluxion is an automated EvilAP attack tool for carrying out MiTM attacks on WPA Wireless networks written in a mix of Bash and Python.
Fluxion - Automated EvilAP Attack Tool
Fluxion is heavily based off Linset the Evil Twin Attack Bash Script, with some improvements and bug-fixes.

How it Works

  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point
  • Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted

Dependencies

  1. Aircrack : 1:1.2-0~rc4-0parrot0
  2. Lighttpd : 1.439-1
  3. Hostapd : 1:2.3-2.3
You can download Fluxion here: